start reworking security policy

author: Éric Araujo <earaujo@caravan.coop> 2019-12-14 13:32:07 -0500
committer: Éric Araujo <earaujo@caravan.coop> 2019-12-14 13:32:07 -0500
commit: 0168300b0da3c79e05ec87aa777e04674a86cebb (patch)
tree: 4e1f38841af1e6f8fd20b4e536ddbe946c294911 /docs/narr
parent: 4a46827769bbe181070a74927aa4e988a4cc3112 (diff)
download: pyramid-0168300b0da3c79e05ec87aa777e04674a86cebb.tar.gz
pyramid-0168300b0da3c79e05ec87aa777e04674a86cebb.tar.bz2
pyramid-0168300b0da3c79e05ec87aa777e04674a86cebb.zip
1 files changed, 42 insertions, 28 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index f1bb37c69..a71b9abd9 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -72,12 +72,19 @@ A simple security policy might look like the following:
     from pyramid.security import Allowed, Denied
 
     class SessionSecurityPolicy:
-        def identify(self, request):
+        def authenticated_userid(self, request):
             """ Return the user ID stored in the session. """
             return request.session.get('userid')
 
-        def permits(self, request, context, identity, permission):
+        def identify(self, request):
+            """ Return app-specific user object. """
+            userid = self.authenticated_userid(request)
+            if userid is not None:
+                return models.Users.get(id=userid)
+
+        def permits(self, request, context, permission):
             """ Allow access to everything if signed in. """
+            identity = self.identify(request)
             if identity is not None:
                 return Allowed('User is signed in.')
             else:
@@ -87,7 +94,7 @@ A simple security policy might look like the following:
             request.session['userid'] = userid
             return []
 
-        def forget(request):
+        def forget(request, **kw):
             del request.session['userid']
             return []
 
@@ -136,12 +143,16 @@ For example, our above security policy can leverage these helpers like so:
         def __init__(self):
             self.helper = SessionAuthenticationHelper()
 
+        def authenticated_userid(self, request):
+            # XXX add code
+            ...
+
         def identify(self, request):
-            """ Return the user ID stored in the session. """
             return self.helper.identify(request)
 
-        def permits(self, request, context, identity, permission):
+        def permits(self, request, context, permission):
             """ Allow access to everything if signed in. """
+            identity = self.identify(request)
             if identity is not None:
                 return Allowed('User is signed in.')
             else:
@@ -150,8 +161,8 @@ For example, our above security policy can leverage these helpers like so:
         def remember(request, userid, **kw):
             return self.helper.remember(request, userid, **kw)
 
-        def forget(request):
-            return self.helper.forget(request)
+        def forget(request, **kw):
+            return self.helper.forget(request, **kw)
 
 Helpers are intended to be used with application-specific code, so perhaps your
 authentication also queries the database to ensure the identity is valid.
@@ -159,13 +170,13 @@ authentication also queries the database to ensure the identity is valid.
 .. code-block:: python
     :linenos:
 
-        def identify(self, request):
-            """ Return the user ID stored in the session. """
-            user_id = self.helper.identify(request)
-            if validate_user_id(user_id):
-                return user_id
-            else:
-                return None
+    def identify(self, request):
+        # XXX review: use authenticated_userid below or identify?
+        user_id = self.helper.identify(request)
+        if validate_user_id(user_id):
+            return user_id
+        else:
+            return None
 
 .. index::
    single: permissions
@@ -237,7 +248,9 @@ might look like so:
     from pyramid.security import Allowed, Denied
 
     class SecurityPolicy:
-        def permits(self, request, context, identity, permission):
+        def permits(self, request, context, permission):
+            identity = self.identify(request)
+
             if identity is None:
                 return Denied('User is not signed in.')
             if identity.role == 'admin':
@@ -246,6 +259,7 @@ might look like so:
                 allowed = ['read', 'write']
             else:
                 allowed = ['read']
+
             if permission in allowed:
                 return Allowed(
                     'Access granted for user %s with role %s.',
@@ -326,7 +340,7 @@ object.  An implementation might look like this:
     from pyramid.authorization import ACLHelper
 
     class SecurityPolicy:
-        def permits(self, request, context, identity, permission):
+        def permits(self, request, context, permission):
             principals = [Everyone]
             if identity is not None:
                 principals.append(Authenticated)
@@ -352,7 +366,7 @@ For example, an ACL might be attached to the resource for a blog via its class:
             (Allow, Everyone, 'view'),
             (Allow, 'group:editors', 'add'),
             (Allow, 'group:editors', 'edit'),
-            ]
+        ]
 
 Or, if your resources are persistent, an ACL might be specified via the
 ``__acl__`` attribute of an *instance* of a resource:
@@ -369,10 +383,10 @@ Or, if your resources are persistent, an ACL might be specified via the
     blog = Blog()
 
     blog.__acl__ = [
-            (Allow, Everyone, 'view'),
-            (Allow, 'group:editors', 'add'),
-            (Allow, 'group:editors', 'edit'),
-            ]
+        (Allow, Everyone, 'view'),
+        (Allow, 'group:editors', 'add'),
+        (Allow, 'group:editors', 'edit'),
+    ]
 
 Whether an ACL is attached to a resource's class or an instance of the resource
 itself, the effect is the same.  It is useful to decorate individual resource
@@ -425,10 +439,10 @@ Here's an example ACL:
     from pyramid.security import Everyone
 
     __acl__ = [
-            (Allow, Everyone, 'view'),
-            (Allow, 'group:editors', 'add'),
-            (Allow, 'group:editors', 'edit'),
-            ]
+        (Allow, Everyone, 'view'),
+        (Allow, 'group:editors', 'add'),
+        (Allow, 'group:editors', 'edit'),
+    ]
 
 The example ACL indicates that the :data:`pyramid.security.Everyone`
 principal—a special system-defined principal indicating, literally, everyone—is
@@ -460,7 +474,7 @@ dictated by the ACL*.  So if you have an ACL like this:
     __acl__ = [
         (Allow, Everyone, 'view'),
         (Deny, Everyone, 'view'),
-        ]
+    ]
 
 The ACL helper will *allow* everyone the view permission, even though later in
 the ACL you have an ACE that denies everyone the view permission.  On the other
@@ -476,7 +490,7 @@ hand, if you have an ACL like this:
     __acl__ = [
         (Deny, Everyone, 'view'),
         (Allow, Everyone, 'view'),
-        ]
+    ]
 
 The ACL helper will deny everyone the view permission, even though
 later in the ACL, there is an ACE that allows everyone.
@@ -495,7 +509,7 @@ can collapse this into a single ACE, as below.
     __acl__ = [
         (Allow, Everyone, 'view'),
         (Allow, 'group:editors', ('add', 'edit')),
-        ]
+    ]
 
 .. _special_principals:
author	Éric Araujo <earaujo@caravan.coop>	2019-12-14 13:32:07 -0500
committer	Éric Araujo <earaujo@caravan.coop>	2019-12-14 13:32:07 -0500
commit	0168300b0da3c79e05ec87aa777e04674a86cebb (patch)
tree	4e1f38841af1e6f8fd20b4e536ddbe946c294911 /docs/narr
parent	4a46827769bbe181070a74927aa4e988a4cc3112 (diff)
download	pyramid-0168300b0da3c79e05ec87aa777e04674a86cebb.tar.gz pyramid-0168300b0da3c79e05ec87aa777e04674a86cebb.tar.bz2 pyramid-0168300b0da3c79e05ec87aa777e04674a86cebb.zip